Regulatory Compliance, Governance and Security

Jan 16 2009   3:46PM GMT

SAS 70 Audits & Data Centers | Tips on Preparing for the Audit



Today’s data centers and managed services providers are complex businesses, providing customers with a wide array of services. As such, SAS 70 audits have become the standard compliance audit for assessing internal controls for data centers and managed services. But buyer beware: not all SAS 70 audits conducted on data centers and managed service providers are the same. So, what’s the scope, you ask? Generally speaking, a good quality SAS 70 audit process and its subsequent report should consider controls in the following areas:

1. Executive Management/Strategic Management Drivers
2. Human Resources
3. Quality Assurance Activities
4. Client Contract Processes
5. Technical Client Provisioning Processes and Activities
6. Change Management
7. Incident Management
8. Logical Security
9. Network Security
10. Shipping and Receiving Management
11. Physical Security
12. Environmental Security

Any SAS 70 audit conducted on data centers, managed services providers and co-location entities that encompasses the areas listed above can be considered a quality audit and report, at least in terms of scope. It’s then up to the CPA firm conducting the audit to actually perform testing for these areas, but that’s a whole other topic of discussion for a later date.

To learn more about SAS 70 audits, visit the official SAS 70 Resource Guide.
To learn more about PCI DSS assessments, visit the Payment Card Industry (PCI) Resource Guide.
